[liberationtech] Linux distribution on encrypted USB?

Maxim Kammerer mk at dee.su
Thu Sep 12 09:55:50 PDT 2013


On Thu, Sep 12, 2013 at 7:12 PM, The Doctor <drwho at virtadpt.net> wrote:
> It is worth noting that, if an unprivileged user can list the contents
> of the file, an unprivileged user (an attacker) can potentially unpack
> the contents of the file, tamper with them, and then repack them.  I
> do not know if there are any measures to detect alteration of this
> file when TAILS boots; I haven't taken the time to go poking around
> inside the initrd.img or initrd2.img files (used by the kernel when
> TAILS boots) to see if there is anything of that sort.  A cursory
> examination of the contents of the syslinux/ directory does not show
> anything of that sort.

Use Liberté if you want the real thing — a trusted boot chain.
http://dee.su/liberte-security

The current version verifies the SquashFS image in initramfs, but the next
version will use dm-verity to remove that small delay.
https://code.google.com/p/cryptsetup/wiki/DMVerity

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
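
The two verification models contrasted in the message above, as an added example that is not part of the original post and not Liberté or dm-verity code: hashing the whole image before mounting versus checking each block on read against a trusted root hash. It is a simplified model (no salt, no superblock, not dm-verity's on-disk format); the 4096-byte block size and all function names are assumptions.

```python
import hashlib

BLOCK = 4096            # data and hash block size in bytes (assumed)
FANOUT = BLOCK // 32    # SHA-256 digests per hash block

def sha(b):
    return hashlib.sha256(b).digest()

def hash_block(digests):
    # Pack digests into one zero-padded hash block and hash it.
    return sha(b"".join(digests).ljust(BLOCK, b"\0"))

def full_image_digest(image):
    # Verify-at-boot model: every byte is read before the image is mounted.
    return sha(image)

def build_tree(image):
    # levels[0] holds one digest per data block; levels[-1] is [root].
    if not image:
        raise ValueError("empty image")
    level = [sha(image[i:i + BLOCK].ljust(BLOCK, b"\0"))
             for i in range(0, len(image), BLOCK)]
    levels = [level]
    while True:
        level = [hash_block(level[i:i + FANOUT])
                 for i in range(0, len(level), FANOUT)]
        levels.append(level)
        if len(level) == 1:
            return levels

def read_block(image, levels, trusted_root, index):
    # Verify-on-read model: check only the path from this block to the root.
    # `levels` is untrusted (it is stored next to the image); the root is not.
    data = image[index * BLOCK:(index + 1) * BLOCK].ljust(BLOCK, b"\0")
    digest, idx = sha(data), index
    for level in levels[:-1]:
        if level[idx] != digest:
            raise ValueError(f"block {index}: hash mismatch")
        start = idx // FANOUT * FANOUT
        digest, idx = hash_block(level[start:start + FANOUT]), idx // FANOUT
    if digest != trusted_root:
        raise ValueError(f"block {index}: root hash mismatch")
    return data

def sample_image(nblocks=300):
    # Constructed stand-in for a SquashFS image: block i is filled with i.
    return b"".join(i.to_bytes(4, "big") * (BLOCK // 4) for i in range(nblocks))

if __name__ == "__main__":
    img = sample_image()
    levels = build_tree(img)
    print("root:", levels[-1][0].hex())
    print("block 200 ok:", read_block(img, levels, levels[-1][0], 200)[:4].hex())
```

In both models the protection depends on the trusted value (the full-image digest or the root hash) coming from a part of the boot chain that an attacker with write access to the USB stick cannot replace.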


